A while back, we encountered a potentially dangerous bug in our system. It was invoked by a seldom-used menu option on the client but the operation didn't work properly. It ended up causing corrupted data in the database. Objects that were supposed to belong to one person ended up belonging to another person resulting in a potentially serious security risk. We were able to repair the data fairly quickly but we needed to stop this operation from being used in the future causing more corruption. We didn't have the option to release new client software - that would have taken months to go through the testing process. We didn't have a patching mechanism and weren't allowed to put on in. We were, however, using a GemStone database running Smalltalk code on the server and changing methods in the centralized GemStone server was easy. So, our temporary work-around was to change GemStone code specific to that one operation that would cause the client to crash. This stopped it from committing the transaction and corrupting the database. I think it's the first time I intentionally added code to make an application crash in the field because the alternative was worse.
Download